Articles   Home

CriMNet and MJNO databases have political uses

CriMNet Comes Acropper

Note: April 2004 there is opinion published by Don Gemberling, director of the Information Policy Analysis Division of Administration on the privacy concerns that shut down CriMNet MJNO program and featuring the legislator that took the risks to stop the program.
Minnesota IPAD Newsletter
Minnesota IPAD Newsletter

Note: MARCH 3, 2004 CRIMNET has been audited by the Minnesota Legislative Auditor. Two reports, one on the project, one more of a finance audit.
CriMNet Program Audit
CriMNet Financial Audit

As I predicted they found the usual: bad management, money squandered, bad design.

MJNO Comes Acropper

Note: MJNO has been shutdown again! Dec 18, 2003. AP story at the bottom of the page. Found to be too dangerous to inflict on the public.

In my backwoods state of Minnesota Big Brother databases are sprouting up all over the place.

State projects, such as the State of Minnesota's CriMNet at CriMNet have the facade of being an open process and complying with state privacy laws. A state paramilitary, the BCA (Minnesota Bureau of Criminal Apprehension), is supposed to run this site, as yet unfinished. Database models, policies, privacy law, etc., are available for public perusal at the site. But all is not as it seems. The reality is that there is no actually real oversite and control of sensitive public data.

CriMNet is actually a collection of projects that seems to be bent on completing the Total Information Awareness (TIA) project, the scary Big Brother database projects in the US Department of Defense at DARPA that were run by felon John Poindexter of the Iran-Contra scandal.

Under the guise of CriMNet, another Minnesota rump paramilitary group, a private one, the Minnesota Chiefs of Police Association, have taken the government sensitive data private and are using it with no controls. It started operating in 2001 and basically started crudely stitching together various police organization databases.

The web site MJNO, (Multiple Jurisdiction Network Organization), is an out of control big brother site rife with scandal and abuse potential.

This Minnesota MJNO project has been broken into by whistleblowers and declared to be spreading juvenile and private police contact data to an undefined, unknown group with no known controls by Don Gemberling, Director of the State of Minnesota's Information Policy Analysis Division. Data of this type is "non-public" data and must have controls by law. The website and database was shutdown during November of 2003 and reopened in December, 2003, now with a password, so everything is supposed to be OK.

There are three articles by the Associated Press (AP) included below with the URLs of publication by the St Paul Pioneer Press, the daily paper in Saint Paul, Minnesota. The articles point to political uses of the data, lack of security and general bad management. But it is all OK because there was one legislative hearing on the subject. And the password is now put on the website. Of course, the government response by the Minnesota BCA has been to declare the whistleblower a fugitive and subject to the full weight of the law. This is the same BCA that did not get its own "open" project (CriMNet) finished and turns a blind eye to the private paramilitary organization violating privacy laws and operating fast and loose with the public's resources, its data, now unprotected.

Add to that the recent scandals with the Ramsey County Sheriff Bob Fletcher threatening political opponents with investigations using the powers of his office, such as fingerprint and other databases and this raises obvious problems. (Check Google.) Sheriff Bob is not a backwoods boob, his county includes St Paul, the capital of Minnesota. Bob Fletcher's threats.

So was there a tacit or explicit conspiracy to let the Minnesota Chiefs of Police Association use the government data because the Minnesota BCA was too incompetent to finish CriMNet or too constrained by law?

Lets look at competency. A look at the CriMNet website shows a moribund site with little activity, pages under construction, links to unfinished documents and "Risk" reports hinting at funding, technical and especially management problems. A trial program involving Carver County may or may not be operating, you would not know from the CriMNet website. Some links to XML models go to a private site, not a government site, that also raises questions as to the security of the data and the ability of the BCA to manage the project. A list of CriMNet projects includes the MJNO at CriMNnet Projects it has mutated into a multi database collection that is trying to integrate into the local TIA database from big brother.

But a project that handles public data securely, legally and has safeguards against abuse is not the easiest project to get off the ground. Still, my assessment from this cursory investigation is that the BCA has had lots of problems putting a system into the field.

Now lets check the law constraint, is there political pressure to get data to local paramilitaries? Minnesota has had active "Red Squads" in its major police jurisdictions for about a hundred years. Was the 9-11 terrorism scare the trigger to look the other way as the private paramilitary group supplied data to the local paramilitaries? It is probable and if so, it is a dangerous move. The police are notorious political animals, like cop-mayor Frank Rizzo in Philadelphia Minneapolis also had cop-mayor Charlie Stenvig during the Vietnam War and its current Chief of Police Olsen is known as a hardball politician with a history of preemptive raids on political demonstrators. Ramsey County Sheriff Bob Fletcher has standing threats against his political opponents, now including the Republicans, Democrats and the League of Women Voters. Granted, that still leaves most of us off the target list.

Is the private paramilitary MJNO system much more technologically sophisticated than the other BCA systems? Is private enterprise showing its superior efficiency? It is easy just to hook up a bunch of databases and have no controls, no safeguards against abuse and not even a record of who accessed the data. The whistleblower hacker is still on the lam, the database, down for a month is back up, data access is still outside of the law, there were no safeguards or auditing system explained to the press to prevent abuses. According to MJNO is running Microsoft-IIS/5.0 on Windows 2000, not known to be a paragon of security.

Other projects on the CriMNet projects page are also running IIS/5.0 on Windows 2000, have user manuals open to the public and look similar to the old MJNO site, probably vulnerable to the same type of hack explained in the MJNO articles below. The TIA project, CriMNet and the MJNO project, hmm..., how many more projects like this are being done in other states? Well, I would guess lots of 'em. A quick look on Google shows gobs of these projects in Michigan, St Louis, Canada...

Florida has one, a multi-state juggernaut, also a scandal, called MATRIX, run by Hank Asher, a felon drug smuggler who had connections to the company that Jeb Bush and Kathleen Harris used to change the voter registration database in Florida by removing 20,000+ voters it affected the 2000 presidential election for G. W. Bush. The MATRIX scandal was in the news August of 2003, and the database still exists. URLs for more information are included below.

Notice a pattern? Criminal involvement, political uses, bad policy and the leak of privacy related data from the public sector to private entities where it is uncontrolled and used for politics and profit. Use of public data that is privacy protected in government control is somehow magically not a problem once it escapes into private hands. That Florida 2000 vote scrub data included race designation, very handy for cleaning the voter rolls to make sure the election went the right way. State controls are really non-existent too, any user that can access the data controls it, especially when the data goes private. Credit data, medical data, government data, insurance data, police data, judicial data, tax data, it all has supposed policies strictly governing its use when under each separate area, but once a database is stolen, sold, abandoned or given away there are no controls in the private sector, no recourse to correct inaccurate data, no limits to its use for politics or profit.

Data from separate sources, seemingly under control, can be combined to create a bigger whole, with more danger to our freedoms in that whole than the separated parts. An example? Voter rolls, plus race designation, plus removal criteria set by interested parties is an explosive combination that has far greater impact than any of the parts by themselves and affected the election of the president of the USA.

Here are some questions that should be asked:

>How many other state and private Big Brother projects are there?

>What data is in the databases?

>What are the uses and who are the users?

>Who controls the data? Two that I know of that were actually implemented were outside of direct state control, one is using illegal data, the other looks like the source of the data to remove civil rights of citizens and affect a national election.

The government controlled databases have hundreds of violations as recorded in newspaper articles around the country as tens of thousands of users are the ones who have control of the information, selling it, using it politically, using it for business and even to get dates. Look up "police database privacy" on google for a big list of stories.

>What political activities have these "state" projects been involved in?

>What commercial activities have these "state" projects been involved in?

>What sort of security do these "state" project have to enforce use and access?

>What uses can the data be used for, other than declared? Including illicit uses as well as other uses.

> What are the common abuses by users, managers, contractors and others? A quick look on google shows lots of abuses, locally and internationally.

Nobody knows the answers to those questions, no one cares. The use of private entities to control sensitive public data is clearly bad policy and seems to be a trend. There are no real controls in the private sector, but the public sector seems almost as bad. These databases, public and private are already widespread, many regional in scope, but now growing in geographic area and coalescing with other groups databases.

One trend is to put larger and more varied sets of data together, like the DARPA TIA project. Existing database projects include US State Department data, immigration, police, court, driving records, airline ticket data, voting registration, medical data, insurance data, credit data, bank records. Also what is clear is that political use of the data is widespread as is harassment, selling of data and other uses for financial advantage. The abuses by users of the databases are documented in many separate news stories, many of the abuses are similar, but I see no real study of the abuses or prevention. The security issues of user abuse are ignored at this time.

Also what seems to be lacking is data integrity and accuracy controls as these databases grow and match disparate data pieces. Mashed together and updated sporadically the aggregate data can be a mess.


MATRIX project reference, also look it up on Google. Below from

MATRIX was developed by Hank Asher, a wealthy data entrepreneur and founder of Seisint. According to news reports, Asher called Florida police right after the attacks (9-11), claiming he could pinpoint the hijackers and others who might pose a risk of terrorist activity. He offered to make this powerful law enforcement database available quickly, for free. Asher, reportedly a former government informant involved with drug smuggling, resigned from Seisint at the end of August following a series of critical newspaper reports - reports that also reminded Florida residents that it was Asher's former company, Database Technologies, that administered the contract that stripped thousands of African Americans from the Florida voter rolls before the 2000 election, erroneously contending that they were felons.


Google search on CriMNet or MJNO to get more articles. a St Paul Pioneer Press article copied from the web is below:

Posted on Sat, Nov. 01, 2003 Police data network closed for now BY PATRICK HOWE Associated Press

A computer network used to share police files among more than 175 law enforcement departments in Minnesota has been closed after a state lawmaker learned "beyond a shadow of a doubt" someone had hacked into the system to demonstrate its vulnerability.

"A security breach was alleged. We take that extremely seriously. We've taken the system off line in this particular case," Bob Johnson, director of the state's CriMNet program, said Friday.

He said he does not know how long the file sharing system ? known as the Multiple Jurisdictional Network Organization ? will be down.

Johnson said an investigation is under way to confirm whether and how MJNO was breached. He stressed that any breach did not compromise parts of CriMNet, the umbrella term describing various efforts to link different criminal justice data systems in the state.

Johnson announced the possible breach at a criminal justice information task force meeting Friday morning after state Rep. Mary Liz Holberg, a Republican from Lakeville, first made the allegation.

Holberg, who already planned to hold hearings on MJNO, said in an interview she was approached by a person who is not supposed to have access to the network and who showed her information the system had on her.

"It was proven to me that an individual that was not law enforcement, beyond a shadow of a doubt, had access to the system," she said.

She said she contacted Gov. Tim Pawlenty's office about the flaw and subsequently verified the information was from the system by seeking a copy of her own MJNO file from a local police agency.

Police agencies who participate in the system use a password-protected Internet site to access more than 8 million police records, including the names of suspects, witnesses and people who have sought handgun permits in addition to the names of people who have been arrested or convicted of a crime.

Since 2001, when it began operating on a statewide basis, the system has been owned by the private nonprofit Minnesota Chiefs of Police Association, though the state took over its operation as a pilot project in March.

Johnson said the state had been planning security upgrades to the police network.

In an e-mail to members of the network apparently sent Friday, Dennis Delmont, the executive director of the chiefs association, said the system will be moved behind a Minnesota Bureau of Criminal Apprehension computer firewall and that BCA and CriMNet computer experts are investigating.

"If there has been an illegal compromise of MJNO we will seek criminal prosecution of those responsible," Delmont wrote in a letter obtained by the St. Cloud Times. "If there was no compromise we will try to determine the rationale for such a claim and seek civil and/or legislative relief."

In recent weeks, lawmakers and other critics had begun to raise concerns about the system, questioning its security features as well as the state's involvement.

Agencies in neighboring states have begun to join the network and some officers have access to it from their squad cars.

The basic concept began in 1992, when police in Crystal asked to view the records of their Minneapolis counterparts. In 1997, some 22 police agencies banded together to win a federal grant to build a prototype. Eventually, it was turned over to the nonprofit police chiefs association to run and administer.

So far, the network has been paid for through federal grants and subscribing agencies paying fees of $50 to $500. In March, the state leased rights to use it for 18 months in exchange for investing up to $150,000 to upgrade the system. It's housed on a state Web server ? ? and state employees run it.

The state is exploring absorbing MJNO permanently after the lease is up, Johnson said in a recent interview.

When an officer gets a hit on a name searched in the MJNO network, the screen he calls up shows the person's name, date of birth, the number and type of case that brought them to police attention and the person's role in the matter.

Delmont, of the chiefs association, said it's up to police to verify the accuracy of the information they access. He said the association doesn't own or alter the data. The MJNO, he says, is merely a pipe linking one agency's data to another.

"(Critics are) concerned why the Chiefs of Police Association collects all this information on them. The answer is, we don't," he said. "We facilitate the collection by pointing to the data."

Testimonials on MJNO's Web site laud its ease of use. One investigator says it helped him do in four hours what would have taken his full staff a week. Another boasts that "tools like MJNO are changing the way we do business."

Scott Chapman may have been one of the first people outside of law enforcement to become aware of the reach of MJNO. He said the experience left him feeling violated.

Last March, Chapman, a computer systems administrator, was at a political rally outside U.S. Rep. John Kline's office. He was carrying a sign reading "Freedom is not free," to balance people protesting the war in Iraq, he said.

As the rally neared an end, a Burnsville police sergeant asked to search his fanny pack. Chapman protested but eventually handed it over. Finding nothing unusual, the officer allowed him to leave.

Chapman said the experience left him shaken and curious why he'd been singled out.

The answer came from a friendly file clerk and the police report on the incident. Chapman learned that the officer was suspicious in part because he'd searched the MJNO and found Chapman had requested but been denied a concealed carry permit. (Chapman had since been granted a permit, though that wasn't in the records)

"Here I've done nothing wrong. I've done everything right. I applied for a legal permit and followed the process," Chapman said. "Now I find out that my name is commingled with all of the felons and arrestees and everyone else? It just seems wrong.

"I'm a white guy from the 'burbs and I was stopped and illegally searched. Can you imagine what it must be like for a guy who's not a white guy from the 'burbs?"

His attorney, gun-rights activist David Gross, says he is exploring a possible lawsuit over the incident.

Gross questions the accuracy of the information and the security of the system. He believes the system should be shut down because it was never authorized by the Legislature and doesn't comply with parts of the state's records law, the Data Practices Act.

"There's all sorts of philosophical questions," he said. "What is it? Why did they need to create it? Is it lawful to create it? Why in the hell, if they needed it and wanted it to exist, didn't they go through the state government to create it?"

He said he believes state law demands that citizens have access to any data collected on them, provided they aren't the suspect of an investigation. Delmont said those questions should be taken to the agencies that hold the actual records, not MJNO.

Largely thanks to Chapman's efforts to bring the system to their attention, lawmakers are beginning to ask questions.

As a lawmaker who has served on key police and law committees, Holberg said she initially dismissed talk about a secret, privately run database, assuming she would have heard about it if it existed. "I thought it sounded so bizarre it couldn't be true."

Holberg said she can see the benefits of the system to police, but she's grown concerned enough to plan hearings on MJNO for the next legislative session.

"There needs to be major big-time discussion from a public policy standpoint before we get much further down the road."


Article in the St Paul Pioneer Press Dec 3, 2003 at

Posted on Wed, Dec. 03, 2003 story:PUB_DESC POLICE DATABASE: Crime data was available for months, hacker says BY PATRICK HOWE Associated Press

For months, access to a massive database of police files was available to anyone with a rudimentary knowledge of computers and an Internet link, according to a man who said he looked up files on the system several times.

He told lawmakers his story, anonymously by phone, during a hearing Tuesday on the Multiple Jurisdiction Network Organization.

After first accessing the system in April, he told Rep. Mary Liz Holberg, R-Lakeville, about the system's vulnerabilities in October, in part by showing her files the system contained on her. She then warned state officials, who temporarily shut the system down.

The system's security was upgraded and it is now running again, though with only about half the records it originally contained. "It was pretty simple," the hacker said of the system, intended for police use only. "There was no security, no warning, no nothing."

The man said he got into the system by simply adding the words "PersonSearch/PersonSearch.asp" to the end of the link's normal Web address,

>From there he was able to search any of the system's roughly 8 million records, containing police "contact" information on people who have been suspects, witnesses or victims in crimes in more than 180 law enforcement jurisdictions in the state.

It also contains private information such as juvenile records and whether a person has applied for a handgun or a permit to carry a firearm in public.

Though it is used by state agencies and run by state employees on state-owned computers, the network is technically owned by a private nonprofit group ? the Minnesota Chiefs of Police Association.

In separate testimony, attorney Joseph Rymanowski said he has been contacted by others who claimed they were able to access the system through simple computer tricks, such as using a feature of an Internet browser that shows the code used to create a Web page.

Holberg said she allowed the hacker to testify after being assured by the Bureau of Criminal Apprehension officials that an investigation into the hacker's security breach had been closed.

The anonymous testimony was perhaps the most dramatic moment in a three-hour hearing that focused on the system's vulnerabilities to abuse.

Holberg, chairwoman of the House Civil Law Committee, grew emotional at times during the hearing. She noted the system listed her as a "suspect" because a neighbor complained about where her car was parked six years ago.

"That particular neighbor could likely have accused me of anything and it would still list me as a suspect," she said.

Lawmakers also questioned whether it abides by the state's records law, which offers certain privacy protections as well as a promise that individuals can find out what information on them is contained in statewide computer systems.

Don Gemberling, director of the state's Information Policy Analysis Division, said it doesn't appear to comply with the law, in part because all the data in it has been considered "confidential investigative data" regardless of whether it is considered public in the original police files.

"What I heard today is that MJNO doesn't know how its data is classified," Gemberling said. "There needs to be some protection for individuals because of the bad things that can happen."

Dennis Delmont, executive director of the Chiefs association, said the group is working to address those problems. He also said he'll be relieved if and when the state is ready to take over control of the system.

Holberg said her committee will work on a bill addressing problems with the system in the upcoming session of the Legislature. "We've got some work to do."

########################################################## Posted on Tue, Dec. 02, 2003 ANALYSIS: Expert questions database's legality BY PATRICK HOWE Associated Press

A state-run police database may be violating privacy protections in state records laws by, among other things, sharing information about who holds handgun permits, according to an analysis by the state's top expert on the law.

The Multiple Jurisdiction Network Organization is a collection of millions of police "contact" records that 175 police agencies in Minnesota and Wisconsin have agreed to share and jointly pay for.

Through a password-protected Web site sometimes available from squad cars, it provides officers the names of people who have found their way into police files for a variety of reasons. They can be listed, for example, as suspects, victims or as witnesses to crimes.

The system is unusual. While it is used by state agencies and run by state employees on state-owned computers, it is technically owned by a private, nonprofit group — the Minnesota Chiefs of Police Association. Some people who have been targeted because of the database say it has allowed their privacy to be invaded.

State Rep. Mary Liz Holberg, R-Lakeville, will hold a hearing today on the system by the House Civil Law Committee. She asked Don Gemberling, director of the state's Information Policy Analysis Division, to respond to a series of questions on the system.

In a 10-page response to Holberg provided to the Associated Press, Gemberling said the database does not appear to be in compliance with state records laws in several important ways.

He cautioned that his analysis depends on assumptions about the system, such as that the Data Practices Act applies because the database is "a statewide system" under law. But he concluded the system seems to be improperly collecting and sharing private information, including juvenile records and gun permit data.

State law, he said, classifies the firearm permit data as private.

"There is no authority from the Legislature for these data to be transferred to a statewide database like MJNO (the Multiple Jurisdiction Network Organization) whether operated by government or a private party," he wrote. The standard gun permit application developed by the Bureau of Criminal Apprehension discloses that the data "may be shared" with law enforcement agencies. But, Gemberling noted, it does not say the information will be put into a statewide system.

Without that caveat, Gemberling said, the form doesn't give people enough information to decide whether or not they want to share their private data, a basic principle of the state law.

Further, he said, the Legislature has specifically said that if individuals do not get notice of how their information will be used, the data cannot be shared.

Such an interpretation would require that both juveniles whose records are entered in the system and applicants for gun permits be notified that their data could be loaded into the system.

Shown a copy of the letter, Dennis Delmont, executive director of the Minnesota Chiefs of Police Association, said the Data Practices Act is a complex area of law that his association is working to abide by.

He said the association had already asked Gemberling for help interpreting parts of the law.

"We are private but we know that if we are at all involved with governmental agencies, that we have to comply with the rules of the government and that's not a problem with us," he said.

Last month, out of fear someone had gained access to the system improperly, the entire system was taken down. Its software was upgraded and it was placed behind a state-run data firewall to improve security.

Posted on Thu, Dec. 18, 2003 AP NewsBreak: Police database shut down PATRICK HOWE Associated Press

ST. PAUL - A massive state-run database of confidential police files has been shut down permanently out of concern it violated privacy laws, state and police officials said.

The board of the Minnesota Chiefs of Police Association, a nonprofit organization that owns the network, voted Thursday afternoon to immediately purge the Multiple Jurisdiction Network Organization of its millions of police "contact" records, which had been collected by more than 175 Minnesota police agencies and a handful in Wisconsin over several years.

"The wheels aren't turning and the lights are out," said Dennis Delmont, executive director of the association. "We're just out of business."

Chaska Police Chief Scott Knight, a member of the chiefs association, called the shutdown "an absolute travesty and a major setback for law enforcement" though he joined in the unanimous vote.

"In my 28 years in law enforcement, (MJNO) is one of the top five, if not top three single quantum leaps I've seen our profession take in my entire career," he said. "And now we've had to put it on the shelf."

Others, however, saw it as a state-sanctioned invasion of privacy with questionable security protections. The Associated Press noted concerns about the system in a series of articles beginning in October. A House hearing raised additional questions early this month.

Sometimes available from squad cars, the database had information on people who found their way into police files as suspects, witnesses or victims of alleged crimes. It also had juvenile and gun records.

State officials had been poised to terminate the contract on their own if the Chiefs association did not act, and the state waived a clause allowing a 30-day waiting period, making its shutdown immediate.

"It's in violation of the law, apparently, from what we've been advised," Department of Public Safety Commissioner Rich Stanek said of the network. Stanek, on leave as an inspector from the Minneapolis Police Department, said he recognizes that the system has been an important tool for police, but added: "I'm making a good business decision on behalf of the state of Minnesota."

Fueled by federal grants, MJNO grew out of a small collaboration a decade ago between Minneapolis and a handful of metropolitan cities. It took its current form after the Chiefs group took over its operation in 2000 and eventually its members grew to include agencies that policed more than two-thirds of the state's population.

The system was briefly taken down in October when a hacker claimed he gained access to the records. It later returned, but with about half the 8 million records it had at its peak.

An analysis from the state Department of Administration, responding to questions from Rep. Mary Liz Holberg, R-Lakeville, last month determined that the network appeared to violate privacy protections in state law in several important ways, including its treatment of juvenile records and gun permit data.

In the analysis, Don Gemberling of the state's Information Policy Analysis Division questioned how the Chiefs' group could label all data in the system as "active criminal investigative data," shielding it from public view, when some of it was clearly public information under law.

Delmont said his group tried to work through the problems. "We looked all over for help but all we got was finger-pointing," he said.

Holberg, chairwoman of the House Civil Law Committee, said she's relieved at the decision.

"They are falling on the side of recognizing the rights of privacy of individuals," she said. "We no longer have a situation where they are talking about how the ends justify the means."

Delmont said while his group has washed its hands of the network, he would encourage any law enforcement officials who valued it to lobby lawmakers for a similar system built and run entirely by the state.

Scott Chapman, a computer systems administrator, was one of the first to raise questions about the system after he discovered he'd been detained at a political rally by Burnsville police in part because of inaccurate information the system had about his request for a permit to carry a handgun.

"I hope that this leads to a renewed discussion on public access to government data at all levels and the responsibility of the agencies that collect it," he said of the news.

Knight, the Chaska chief who lamented the demise of MJNO, recalled that the first day his force joined the network, an investigator was able to track down a rape suspect they couldn't otherwise find.

"My message to lawmakers is 'Get to work and bring this back,'" he said.

Patrick Howe may be reached at phowe(at) Posted on Mon, Feb 16, 2004
ANALYSIS: Police want database back.
. BY PATRICK HOWE Associated Press


More URLs from the many in a google lookup of "police database" found more on the MJNO story:

Washington State:

Future Crime:


Detroit Free Press Michigan LEIN police database:

State Departemnt Visa database to open to local police

St Louis:

Canadian Police Information Center, or CPIC:

Total Information Awareness LIVES: